Flexible Information-Flow Control
Doctoral thesis, 2018

As more and more sensitive data is handled by software, its trustworthiness
becomes an increasingly important concern. This thesis presents work on ensuring
that information processed by computing systems is not disclosed to third
parties without the user's permission; i.e. to prevent unwanted flows of
information. While this problem is widely studied, proposed rigorous
information-flow control approaches that enforce strong security
properties like noninterference have yet to see widespread practical use.
Conversely, lightweight techniques such as taint tracking are more prevalent in
practice, but lack formal underpinnings, making it unclear what guarantees they

This thesis aims to shrink the gap between heavyweight information-flow control
approaches that have been proven sound and lightweight practical techniques
without formal guarantees such as taint tracking. This thesis attempts to
reconcile these areas by (a) providing formal foundations to taint tracking
approaches, (b) extending information-flow control techniques to more realistic
languages and settings, and (c) exploring security policies and mechanisms that
fall in between information-flow control and taint tracking and investigating what
trade-offs they incur.

software security

information-flow control

program verification

language-based security

ED, EDIT building, Rännvägen 6, Chalmers
Opponent: Alexander Pretschner, Technical University Munich, Germany


Daniel Schoepe

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Explicit Secrecy: A Policy for Taint Tracking

1st IEEE European Symposium on Security and Privacy (Euro S&P), Saarbruecken, Germany, Mar 21-24, 2016,; (2016)p. 15-30

Paper in proceedings

Let’s face it: Faceted values for taint tracking

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 9878 LNCS, 2016(2016)p. 561-580

Paper in proceedings

Daniel Schoepe, Toby Murray, Andrei Sabelfeld - Veronica: Verified Concurrent Information-Flow Control Unleashed

JSLINQ: Building secure applications across tiers

6th ACM Conference on Data and Application Security and Privacy, CODASPY 2016; New Orleans; United States; 9 March 2016 through 11 March 2016,; (2016)p. 307-318

Paper in proceedings

Marco Guarnieri, Daniel Schoepe, Musard Balliu, David Basin, Andrei Sabelfeld - Information-Flow Control for Database-Backed Applications

Understanding and Enforcing Opacity

28th IEEE Computer Security Foundations Symposium, CSF 2015, Verona, Italy, 13 July-17 July,; Vol. 2015-September(2015)p. 539-553

Paper in proceedings

We are family: Relating information-flow trackers

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 10492 LNCS(2017)p. 124-145

Paper in proceedings

Cristian-Alexandru Staicu, Daniel Schoepe, Musard Balliu, Michael Pradel, Andrei Sabelfeld - An Empirical Study of Information Flows in Real-World JavaScript

How can we make sure your phone does not leak your secrets?

Software plays an increasingly important role in society and few areas of modern
life are unaffected by code: It influences how we communicate with others, how
we consume news, what we read, and how we access and share information, and even
how we elect our officials, among many other aspects. As a result, software has
access to more and more sensitive information about us, and how that information
is handled is becoming more and more crucial. If private information is leaked,
it may affect our finances, our relationships, and even our democracy. For
journalists and dissidents, even their lives sometimes depend on software
keeping their secrets safe.

However, even for experts, it is very hard to find out if an application will
properly protect sensitive data it has access to. This thesis explores ways to
ensure information is not leaked by applying mathematical reasoning to the code
running on our devices. For example, when installing an Android application, a
user can either allow or deny the application to access private information, but
after access has been granted, the user does not know if the application will
then send this information out over the internet. Using mathematical reasoning
to analyze software, we can control how an application accesses information and
make sure it is not leaked.

Programming Language-Based Security To Rescue (PROSECUTOR)

European Commission (FP7), 2013-01-01 -- 2017-12-31.

AppFlow: Putting Information Flow Control to Work

Swedish Research Council (VR), 2015-01-01 -- 2018-12-31.

Subject Categories

Computer Science



Doktorsavhandlingar vid Chalmers tekniska högskola. Ny serie: 4513


Chalmers University of Technology

ED, EDIT building, Rännvägen 6, Chalmers

Opponent: Alexander Pretschner, Technical University Munich, Germany

More information

Latest update